Libvdpau trace feature Arbitrary File Write Vulnerability (CVE-2015-5200)
Libvdpau trace feature Arbitrary File Write Vulnerability (CVE-2015-5200)
Release date:
Updated on:
Affected Systems:
Libvdpau <1.1.1
Description:
CVE (CAN) ID: CVE-2015-5200
Libvdpau is a video decoder and display application interface on Unix.
In versions earlier than libvdpau 1.1.1, trace allows local users to write arbitrary files when using setuid or setgid.
<* Source: Florian weian (Weimer@CERT.Uni-Stuttgart.DE)
Link: http://www.ubuntu.com/usn/USN-2729-1/
*>
Suggestion:
Vendor patch:
Libvdpau
--------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
Http://freedesktop.org/wiki/Software/VDPAU/
Http://cgit.freedesktop.org /~ Aplattner/libvdpau/commit /? Id = d1f9c16b1a8187110e501c91_d21ffee25c0ba4
This article permanently updates the link address: